UNCLASSIFIED 



Cryptologic Quarterly 



Data Communications Via Powerlines

(b)(3)-P.L. 86-36



The author is a member of NSA Cohort 11 at 
the Joint Military Intelligence College. Many of 
the ideas presented in this paper were developed 
as a class research paper at the Joint Military 
Intelligence College. 

The views expressed in this paper are those of 
the author and do not reflect the official policy 
or position of the Department of Defense or the 
U.S. government. 

The hunger for increased bandwidth is driving individuals, corporations, and organizations to seek new methods for delivering Internet service to customers. Many of these methods are well known: radio-frequency (or wireless) communications (such as the IEEE 802.11 Wireless LAN, Bluetooth, and the HomeRF and SWAP protocols), infrared communications (IrDA), fiber-optic channels, and high-speed telephone connections (such as DSL and ISDN or the more modern Home Phoneline Networking Alliance (HomePNA) system). 1 One approach that still receives a cool reception in the United States, but is widely discussed in Europe and the rest of the world, is using the power grid as a delivery conduit for high-speed data communications. This paper provides a brief introduction to High-Speed Powerline Communications (HSPLC): the technologies, the political struggles, and the outlook.

The Electric Power Grid Design

Before discussing HSPLC, it is informative to outline the construction of the power delivery systems in the United States and Europe. In the United States, electric power is transferred from the power producer to the power user via a three-stage delivery system. Electric power is generated at a moderately high voltage (typically around 4.16 - 13.8 kilovolts (kV); 1 kV = 1000 volts) 2 at the power plant (using either a high-speed turbine, such as in nuclear- or coal-powered electric power plants, or a low-speed turbine, such as is used in hydroelectric power plants). The power is transferred to the transmission system via a voltage step-up transformer. 3 Typical voltages in this stage range from 138 kV to 500 kV or more. Bulk power is delivered from the generating plants via this intercity transmission system (which can span several states) to the transmission substations, where the power is transferred to a subtransmission system whose voltages range from 38 kV to 138 kV; the transfer is made via a step-down transformer. The subtransmission system delivers the high voltage throughout a city or large region. Power is delivered to the consumers via the distribution system. Transfer from the subtransmission system to the distribution system is made within regions called distribution substations, likewise using step-down transformers. Output cables from the distribution substations are typically called feeders.

In the United States, the distribution system 
is subdivided into two components: the primary 
distribution system (the voltages of which run 
from 4.6 kV to 12.47 kV) 4 and the secondary dis- 
tribution system (the voltages of which are the 
typical 120/240/208 voltages in houses and 
offices). Power from the primary distribution sys- 
tem to the secondary distribution system is trans- 
ferred via the distribution transformers common- 
ly seen on top of power poles or in large metal 
boxes near offices and apartment complexes. A 
typical arrangement for suburban power connec- 
tions has four houses connected in a secondary 
distribution system, being served by a single dis- 
tribution transformer. At best, a secondary distri- 
bution system in the U.S. services only a few 
apartments with a single transformer. 
Europe and most of the rest of the world use a
single layer distribution system. Output voltages 
from the subtransmission substations range from 
200 to 300 volts, depending on the country. The 
reasons for the differing philosophies are not 
important to this paper, but it is important to rec- 
ognize that in the United States usually only a 
handful of consumers connected are in a single 
(secondary) distribution system while in the rest 
of the world hundreds of consumers can be con- 
nected in a single distribution system. As will be 
seen later, these facts partially answer the ques- 
tion of why HSPLC is of great interest in Europe 
but of only mild interest in the U.S. 

Low-speed Powerline Communications Protocols

Using the electric powerline to send information is not a new idea. Sweden has used its electric power grid for telephone communications for many years. Further, electric power lines have been used throughout the world for low-frequency communications by the electric power industry, for baby monitors, or for simple control functions, using protocols such as X10® Home Automation, Intellon CEBus®, Echelon LONWorks®, or Intelogis PLUG-IN®. 5 These proprietary protocols are low speed and are used solely for controlling consumer systems, such as lights, appliances, or simple electronics. In addition to these consumer-oriented protocols, the power industry has a separate protocol for using powerlines to communicate system control (SCADA) data. In the past, the signals used by the electric utilities for control and supervisory powerline communication have been analog. Data are transmitted using amplitude modulation (either double-sideband or single-sideband), frequency-shift keying, or on-off keying on carrier frequencies from 30 kHz to 500 kHz in the U.S. and from 10 kHz to 490 kHz in Canada. 6 Because the power industry worldwide is changing its protocols for all SCADA communications, this report does not examine the power utility protocols.



X10, 7 the granddaddy of powerline protocols, uses amplitude modulation to send binary information from a controller/transmitter to X10 modules that are plugged into a standard electrical outlet. The control pulses consist of 120 kHz bursts with a 1 ms envelope: the presence of a burst signals a logical "1" while the absence of a burst is a logical "0." 8 Each bit is sent twice within one cycle of the 60 Hz AC power sine-wave, as the bit and then its complement on the two half-cycles (for reliability); 9 the bursts are synchronized to within 200 µs of the zero-voltage crossing point of the AC power sine-wave. As a result, its transmission rate is limited to 60 bits per second (bps). Further, a complete X10 command consists of two packets, each containing two identical messages of 11 bits (voltage cycles); the packets are separated by a 3-cycle gap 10 (again, redundancy for reliability). The result is that a single X10 command takes approximately 47 cycles of the 60 Hz signal, or 0.8 seconds, to send.
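As an added example (not code from the article or from any X10 product), the following Python models the framing just described at the half-cycle level: the start code, the bit-then-complement encoding, the twice-repeated messages and the three-cycle gap, plus a decoder that enforces those redundancies. The house, unit and function code tables are those of the published X10 protocol; the 120 kHz burst detection itself is abstracted as a list of per-half-cycle flags (1 = burst present, 0 = absent), which is an assumption of the example.

```python
"""X10 command encoder/decoder at the half-cycle level.

Added example, not from the article. The house, unit and function code
tables are the ones in the published X10 protocol description; the analog
side (120 kHz burst detection at the zero crossing) is abstracted as a
list of per-half-cycle flags, 1 = burst present, 0 = burst absent.
"""
from typing import List, Tuple

AC_HZ = 60                  # U.S. mains frequency; one X10 bit per cycle
START_CODE = [1, 1, 1, 0]   # sent literally on four half-cycles, never complemented
GAP_CYCLES = 3              # idle cycles between the two packets of a command

HOUSE_CODES = {             # letter -> 4-bit code (X10 spec)
    "A": "0110", "B": "1110", "C": "0010", "D": "1010",
    "E": "0001", "F": "1001", "G": "0101", "H": "1101",
    "I": "0111", "J": "1111", "K": "0011", "L": "1011",
    "M": "0000", "N": "1000", "O": "0100", "P": "1100",
}
# Unit codes 1..16 reuse the house-code bit patterns in the same order.
UNIT_CODES = {n: code for n, code in enumerate(HOUSE_CODES.values(), start=1)}
FUNCTION_CODES = {
    "ALL_UNITS_OFF": "0000", "ALL_LIGHTS_ON": "0001", "ON": "0010",
    "OFF": "0011", "DIM": "0100", "BRIGHT": "0101", "ALL_LIGHTS_OFF": "0110",
}
_HOUSE_BY_CODE = {v: k for k, v in HOUSE_CODES.items()}
_UNIT_BY_CODE = {v: k for k, v in UNIT_CODES.items()}
_FUNC_BY_CODE = {v: k for k, v in FUNCTION_CODES.items()}


def encode_message(house: str, code4: str, is_function: bool) -> List[int]:
    """One 11-cycle message: start code, house code, unit/function code, type bit.

    Every data bit is sent as the bit and then its complement on the two
    half-cycles of one AC cycle, so a receiver can reject glitches.
    """
    data = HOUSE_CODES[house] + code4 + ("1" if is_function else "0")
    half_cycles = list(START_CODE)
    for bit in data:
        half_cycles += [1, 0] if bit == "1" else [0, 1]
    return half_cycles          # 4 + 9 * 2 = 22 half-cycles = 11 cycles


def encode_command(house: str, unit: int, function: str) -> List[int]:
    """Address packet and function packet, each message sent twice, 3-cycle gap between."""
    address = encode_message(house, UNIT_CODES[unit], is_function=False)
    action = encode_message(house, FUNCTION_CODES[function], is_function=True)
    gap = [0] * (2 * GAP_CYCLES)
    return address + address + gap + action + action


def cycles(stream: List[int]) -> float:
    return len(stream) / 2


def duration_seconds(stream: List[int]) -> float:
    return cycles(stream) / AC_HZ


def decode_messages(stream: List[int]) -> List[str]:
    """Walk the half-cycle stream and return each valid 9-bit message as a string."""
    messages, i = [], 0
    while i + 22 <= len(stream):
        if stream[i:i + 4] != START_CODE:
            i += 1
            continue
        bits, valid = "", True
        for k in range(9):
            pair = stream[i + 4 + 2 * k:i + 6 + 2 * k]
            if pair == [1, 0]:
                bits += "1"
            elif pair == [0, 1]:
                bits += "0"
            else:               # bit and complement disagree: noise, not X10
                valid = False
                break
        if valid:
            messages.append(bits)
            i += 22
        else:
            i += 1
    return messages


def decode_command(stream: List[int]) -> Tuple[str, int, str]:
    """Recover (house, unit, function) and enforce the twice-repeated message rule."""
    msgs = decode_messages(stream)
    if len(msgs) != 4 or msgs[0] != msgs[1] or msgs[2] != msgs[3]:
        raise ValueError("expected two identical address messages then two identical function messages")
    address, action = msgs[0], msgs[2]
    if address[8] != "0" or action[8] != "1" or address[:4] != action[:4]:
        raise ValueError("address/function packets malformed or house codes differ")
    # There is no sender identity or authentication anywhere in the frame: any
    # device on the same secondary distribution segment can emit a valid command.
    return _HOUSE_BY_CODE[address[:4]], _UNIT_BY_CODE[address[4:8]], _FUNC_BY_CODE[action[4:8]]


if __name__ == "__main__":
    cmd = encode_command("A", 1, "ON")
    print(f"{cycles(cmd):.0f} cycles, {duration_seconds(cmd):.2f} s ->", decode_command(cmd))
```

Running it reports 47 cycles and 0.78 s for an "A1 ON" command, matching the figures above. Note what the decoder does not check, because the protocol gives it nothing to check: the frame carries no sender identity or authentication, so any device plugged into the same secondary distribution segment can issue commands that every module will obey.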

The developers of the CEBus standard (EIA-600) state that they use spread-spectrum technology to transmit data. 11 However, unlike traditional spread-spectrum techniques such as frequency-hopping or direct-sequence spreading, the spread-spectrum of CEBus sweeps the signal frequency from 100 kHz to 400 kHz for each bit. According to the developers, this overcomes some of the inherent noise problems associated with higher speed powerline communications. Like X10, CEBus has two fundamental components: a transceiver and a microcontroller. Unlike X10, CEBus is not restricted to powerline communications but can use any communication medium, including RF. 12 At its higher level, CEBus uses its own Common Application Language (CAL) to ensure that CEBus-compliant systems made by different manufacturers can exchange commands and status requests. 13 CAL creates device "contexts" and object classes to communicate a given command to the appropriate device. 14 The CEBus protocol is similar to Ethernet in that (a) it is peer-to-peer and (b) it uses a Carrier Sense Multiple Access/Collision Detection and Resolution (CSMA/CDCR) protocol to avoid data collisions. 15 This protocol requires a network node to wait until the line is clear so that there will be no simultaneous transmission on the line. Data are transmitted at the rate of approximately 10 kilobits per second (kbps). Standard EIA 709.2 defines the specifications for using either CEBus or LONWorks to send data over two- and three-phase electrical powerlines. The standard restricts the powerline channel to a spectral bandwidth from 125 kHz to 140 kHz and specifies data communication rates of 5.65 kbps while providing a narrow-band power line signaling technology that meets North American and European regulations. 16

LONWorks 17 (ANSI/EIA 709.1-A-1999) is similar to CEBus: it works as either a peer-to-peer or a master-slave data communication system; it uses spread spectrum technology to transmit data; and it uses a CSMA technique for data collision avoidance. LONWorks also supports many communication media, including twisted pair, power line, fiber-optics, coaxial cable, radio frequency, and infrared. 18 Unlike CEBus, LONWorks supports higher data rates, from 610 bps up to 1.25 Mbps, 19 and is a proprietary protocol, requiring a license for operation.
However, if used for data transmission over 
powerlines, LONWorks is restricted by EIA 
709.2, just like CEBus. The LONWorks standard 
implements a control system communication 
network using an open communications protocol, 
LONTalk, and LONWorks Network Services 
(LNS), in addition to a proprietary MAC protocol 
to provide the peer-to-peer networking layer. A 
key feature of LONWorks is the LNS, which pro- 
vides an object-oriented method to connect net- 
worked control devices. LNS clients can run on 
any platform (PC, MAC, UNIX, embedded, etc.). 
LNS Server supports both LONTALK and TCP/IP 
protocols at the transport layer. 

PLUG-IN 20 is based on the Open System 
Interconnection (OSI) model and defines several 
protocols: at the Application Layer, PLUG-IN 
uses either the proprietary Intelogis Common 
Application Layer (iCAL) Protocol (for 



client/server operation) or the CEBus Generic 
Common Application Language (CAL, for peer- 
to-peer operation); at the Network, Transport, 
and Data Link Layers, PLUG-IN defines the 
Power Line Exchange (PLX) Protocol while at the 
Physical Layer PLUG-IN uses the Digital Power 
Line (DPL) Protocol. Using DPL, PLUG-IN 
boasts data transmission rates of up to 350 kbps 
using a single channel frequency. PLUG-IN uses 
Frequency-Shift-Keying (FSK) to encode the data 
onto the signal carrier. A proposed version of DPL is to use multiple signal channels to produce speeds of over 1 Mbps. Bit error rates for DPL are in the range of 10^-9 with 80 dB of dynamic range. The
FSK scheme encodes the digital data onto the 
power line by using two or more separate fre- 
quencies that are in a fairly narrow frequency 
band. Like the other low-speed powerline com- 
munications protocols, PLUG-IN is intended for 
control system communication signals. However, 
the success of DPL has led other companies to 
attempt to modify it for carrying high-speed data 
communications over powerlines. 

High-speed Powerline Communications 
Protocols 

There are many difficulties in using power- 
lines for High Speed Powerline Communications 
(HSPLC), including the wide variation in the line 
impedance as a function of frequency, the high 
attenuation and interference problems, and the 
signal reflections caused by signal mismatches. 21 
Each developer of HSPLC products has attempt- 
ed to solve these difficulties by proposing differ- 
ent protocols. While many companies and organ- 
izations have been (and still are) pushing their 
concept, only four primary protocols are actively 
competing to become THE protocol for HSPLC. 
These are Intellon’s PowerPacket™ protocol, 
Intelogis’ Plug-In PLX™, Digital Powerline™ 
(DPL), and Adaptive Networks’ AN1000 Power 
Line Communication system. 
The HomePlug (Powerline) Alliance consists of over forty members who are major manufacturers of computers and data communication equipment, including 3Com, CISCO, Compaq, Intel, Motorola, Panasonic, Radio Shack and Texas Instruments. On June 5, 2000, PowerPacket was selected by the HomePlug Alliance to become the basis for an industrial specification in home powerline networking. 22
As a result, most of the manufacturers who were 
developing the other protocols (with the excep- 
tion of Adaptive Networks) are moving away from 
their original developments and turning their 
attention to creating products that will conform 
to the new HomePlug standard. 




Fig. 1. Time-Frequency Spectra of OFDM
From Lawrey, Chapter 1.

PowerPacket, now referred to as HomePlug 1.0, uses Orthogonal Frequency Division Multiplexing (OFDM) technology to transmit data at up to 5 Megabits per second (Mbps) 23 in the 4- to 20-MHz frequency band of the powerline. 24 OFDM is a multicarrier transmission technique, similar to Frequency Division Multiple Access (FDMA). 25 Both of these techniques divide the available spectrum into many carriers and modulate each carrier by a separate low-rate data stream. However, where FDMA allocates each subchannel (which are typically 10 kHz to 30 kHz wide) to separate users, OFDM uses all the subchannels (OFDM typically has 100-1000 subchannels, each around 1 kHz wide) 26 to carry a single message, thus allowing more data to be transmitted faster with a lower symbol rate per subcarrier than in FDMA. Figure 1 is a graph of a typical OFDM/FDMA spectrum. Coded Orthogonal Frequency Division Multiplexing (COFDM) is the same as OFDM except that forward error correction is applied to the signal before transmission.

One problem encountered with power line communications is aliasing (distortion of a signal due to interference from the signals in adjacent channels). As data rates increase and channel bandwidths narrow, this interference increases. In order to prevent it, guard frequency bands are included in each subchannel. This means that a portion of the spectrum allocated to each subchannel is a "dead zone" of no signal. The guard bands in FDMA are large (typically up to 50 percent of the total spectrum) 27 whereas in OFDM the guard bands are much smaller, resulting in the spacing between channels being closer in OFDM than in FDMA. By making all the subcarriers orthogonal to each other (hence the name Orthogonal Frequency Division Multiplexing), interference between the closely spaced carriers is reduced.




Fig. 2. Multipath Interference
From Lawrey, Chapter 1.

Another of the problems with HSPLC is that
of multipath reflections. Figure 2 below indicates 
the concept of multipath reflections in the case of 
radio communications. 

Multipath interference, also called “ghosting,” 
results when a signal travels from a transmitter to 
a receiver via multiple possible signal paths. Since 
the time required for a signal to travel a finite dis- 
tance varies directly with the distance, a signal 
that travels over multiple paths will result in a 
multitude of signals being presented at the 
receiver, each received signal slightly time-shifted 
with respect to each other (i.e., having phase 
shifts with respect to each other). These multiple 
paths can be created by reflections (in a power- 
line, reflections are the result of impedance mis- 
matches between the transmission line and the 
loads attached to the line) or diffractions around 
obstacles (in a powerline, diffractions are caused 
by imperfections, such as “kinks” or cracks in the 
transmission line). For powerline communica- 
tions, multipath distortion results in digital inter- 
symbol interference. Like aliasing, multipath 
interference increases with frequency. 



Because of their low symbol rates, OFDM signals are highly resistant to multipath interference. 28 Additionally, a time domain guard period, shown in figure 3, is added to reduce the possibility of interference due to the symbol spreading caused by the multiple paths. 29
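The guard period just described, and the subcarrier orthogonality introduced earlier, are easiest to see in code. The following Python is an added example, not the article's or HomePlug's implementation: it builds OFDM symbols with a cyclic-prefix guard period, passes two back-to-back symbols through a constructed three-tap multipath channel (a direct path plus two attenuated reflections, standing in for the impedance-mismatch echoes described above), and decodes the second symbol with and without the guard. The subcarrier count, guard length and channel taps are assumptions chosen for illustration; the DFT is a plain O(N²) loop so the block needs no numerical libraries.

```python
"""OFDM over a multipath powerline channel, with and without a guard period.

Added example, not code from the article or from HomePlug. Pure Python: a
naive DFT, QPSK on every subcarrier, and a constructed three-tap channel
(direct path plus two reflections). N_SUB, CP_LEN and CHANNEL are
assumptions chosen for illustration.
"""
import cmath
import math
import random
from typing import List, Sequence, Tuple

N_SUB = 64                                   # subcarriers per symbol (real systems: hundreds)
CP_LEN = 8                                   # guard period in samples; must cover the delay spread
CHANNEL = [1.0, 0.0, 0.5, 0.0, 0.0, -0.25]   # constructed: echoes 2 and 5 samples late


def dft(x: Sequence[complex], inverse: bool = False) -> List[complex]:
    """Plain O(N^2) discrete Fourier transform; the inverse is normalised by 1/N."""
    n, sign = len(x), (1 if inverse else -1)
    out = []
    for k in range(n):
        acc = sum(x[t] * cmath.exp(sign * 2j * math.pi * k * t / n) for t in range(n))
        out.append(acc / n if inverse else acc)
    return out


def subcarrier_leakage(k1: int, k2: int) -> float:
    """|inner product| of two subcarrier tones over one symbol: 1 if k1 == k2, else 0."""
    def tone(k: int) -> List[complex]:
        return [cmath.exp(2j * math.pi * k * t / N_SUB) for t in range(N_SUB)]
    return abs(sum(a * b.conjugate() for a, b in zip(tone(k1), tone(k2)))) / N_SUB


def qpsk_map(bits: Sequence[int]) -> List[complex]:
    """Gray-mapped QPSK: first bit sets the sign of the real part, second the imaginary."""
    return [complex(1 - 2 * bits[2 * i], 1 - 2 * bits[2 * i + 1]) for i in range(len(bits) // 2)]


def qpsk_demap(symbols: Sequence[complex]) -> List[int]:
    bits: List[int] = []
    for s in symbols:
        bits += [0 if s.real > 0 else 1, 0 if s.imag > 0 else 1]
    return bits


def ofdm_transmit(symbol_bits: Sequence[Sequence[int]], cp_len: int) -> List[complex]:
    """Each symbol: IDFT of the QPSK values, then a copy of its tail prepended as the guard period."""
    out: List[complex] = []
    for bits in symbol_bits:
        time = dft(qpsk_map(bits), inverse=True)
        prefix = time[-cp_len:] if cp_len else []
        out += prefix + time
    return out


def multipath(tx: Sequence[complex], taps: Sequence[float]) -> List[complex]:
    """Linear convolution: each tap is a delayed, scaled copy of the signal."""
    out = [0j] * (len(tx) + len(taps) - 1)
    for i, x in enumerate(tx):
        for d, h in enumerate(taps):
            out[i + d] += x * h
    return out


def ofdm_receive(rx: Sequence[complex], index: int, cp_len: int,
                 taps: Sequence[float]) -> List[complex]:
    """Drop the guard period, DFT one symbol window, equalise each subcarrier by one complex gain."""
    start = index * (N_SUB + cp_len) + cp_len
    freq = dft(rx[start:start + N_SUB])
    h_freq = dft(list(taps) + [0.0] * (N_SUB - len(taps)))   # channel response per subcarrier
    return [f / h for f, h in zip(freq, h_freq)]


def run_link(cp_len: int, seed: int = 7) -> Tuple[int, float]:
    """Send two back-to-back symbols, decode the second; return (bit errors, worst constellation error)."""
    rng = random.Random(seed)
    symbols = [[rng.randint(0, 1) for _ in range(2 * N_SUB)] for _ in range(2)]
    rx = multipath(ofdm_transmit(symbols, cp_len), CHANNEL)
    equalised = ofdm_receive(rx, 1, cp_len, CHANNEL)
    errors = sum(a != b for a, b in zip(symbols[1], qpsk_demap(equalised)))
    worst = max(abs(e - s) for e, s in zip(equalised, qpsk_map(symbols[1])))
    return errors, worst


if __name__ == "__main__":
    for cp in (CP_LEN, 0):
        errors, worst = run_link(cp)
        print(f"guard period {cp:2d} samples: errors={errors}, worst deviation={worst:.3f}")
```

With the guard period covering the channel's delay spread, the window the receiver transforms sees a circular convolution of the symbol with the channel, so one complex gain per subcarrier undoes the channel exactly and the error count is zero. With the guard removed, the previous symbol's reflections spill into the window and the equalised points drift off the constellation; whether that drift becomes bit errors depends on how severe the echoes are, which is why the example reports both the error count and the worst deviation.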

Theoretically, the OFDM protocol should be able to operate at up to 100 Mbps, although most devices operate at around 14 Mbps. 30 Since the RF characteristics of a powerline vary as a function of frequency, using different modulations on different subcarriers would allow the channel efficiency to be optimized to its maximum potential. 31 Because each subcarrier is demodulated independently of the others, each subcarrier in OFDM can be modulated with a separate modulation scheme, such as any combination of coherent or differential, phase or amplitude modulation schemes, including BPSK, QPSK, 8PSK, 16QAM, 64QAM, or others. Normally this is not done; the same modulation scheme is used on all subchannels for the sake of economy of design. The choice of modulation scheme depends on how much noise is in the channel. 32




Fig. 3. OFDM Signal With Guard Period
From Lawrey, Chapter 1.



While the HomePlug Alliance has chosen OFDM to be the standard powerline communication protocol, not everyone agrees that it is the best. Michael Propp, president of rival Adaptive Networks Inc., claims that the HomePlug protocol "enables a PC-centric, point-to-point unicasting network" and that such a network is "not a usable home network." 33 A rival consortium, the Consumer Electronics Association (CEA) R7.3 Committee, argues that, for it to be applicable for home use, a powerline network must be able to support a large number of nodes and "simultaneous entertainment activities such as streaming audio and video, plus provisions for multicasting and broadcasting," something PowerPacket does not provide. 34 However, an interesting feature of the 14 Mbps PowerPacket chips currently being produced by Intellon (INT5130) is that they come equipped with real-time 56-bit DES encryption of data packets, 35 a feature that has been identified as a major need in powerline communications but has not been stressed in design circles. Note that 56-bit DES offers only modest protection: its entire key space was searched by a purpose-built machine in a matter of days in a public demonstration in 1998, so the feature keeps neighbors sharing the same distribution transformer from casually reading each other's traffic but should not be relied on against a determined adversary.

Propp argues that home networks need a 
wideband spread-spectrum transmission and 
adaptive equalization to ensure that some portion 
of the transmitted spectrum is received without 
distortion due to “the multiple peaks and valleys 
of the power line transfer function.” 36 As shown 
in figure 4, 37 the transmission line attenuation 
(the dark line) is not constant but varies with fre- 
quency. A narrowband spread-spectrum signal 




Fig. 4. Powerline Attenuation and Spread Spectrum.
From Adaptive Networks.



(shown with the light colored line) may not pass 
some frequencies while a wideband spread-spec- 
trum signal (the medium colored line) will allow 
some portion of the signal to pass. However, since 
the attenuation varies with frequency (as well as 
time and distance between the source and the 
receiver), the receiver must adapt to the changing 
conditions. 

Propp's own corporation, Adaptive Networks, Inc., just happens to manufacture a product that provides these features: the AN1000 Power Line Communication system. Adaptive Networks' protocol, which is being considered by the CEA R7.3 Committee for its specification, pushes wideband spread spectrum and adaptive control of the receiver.



The other major HSPLC technologies, Plug-In PLX and Digital Powerline, are similar in technical content and were discussed earlier under the low-speed protocols. They both operate at around 1-2 Mbps and use frequency-shift keying (FSK) techniques.

Regulatory Issues of Powerline 
Communications 

There is a spirited debate raging in Europe over HSPLC. (The topic is hot in Europe, since the technology there is capable of being cost effective; in the U.S., the market has yet to develop, so the issue is not as hotly pursued.) The debate centers mostly on the electromagnetic compatibility/electromagnetic interference (EMC/EMI) issues associated with HSPLC. Key players in this arena are the International Powerline Communications Forum (IPCF), the European Telecommunications Standards Institute (ETSI), the International Telecommunication Union (ITU), the European Radiocommunications Office (ERO), a subcommittee of the European Conference of Postal and Telecommunications Administrations (CEPT) (ERO coordinates radiofrequency spectrum allocations in Europe), 38 the European Committee for Electrotechnical Standardization (CENELEC), 39 and the Comité International Spécial des Perturbations Radioélectriques (CISPR), a committee of the International Electrotechnical Commission (IEC) dealing with the technical issues of EMC and other related matters. The IEC itself is the worldwide standards-setting institution concerned with all aspects of electrical technology (CENELEC is the European regional counterpart of the IEC; the U.S. member of the IEC is the U.S. National Committee, administered by ANSI).

In a nutshell, the problem is that HSPLC radiates electromagnetic energy off the power transmission lines. Depending on the data rate, signal frequencies of HSPLC can vary from 100 kHz to 30 MHz, a band of frequencies that is heavily used for mobile, marine, and aeronautical distress and calling, for time signals used by radio astronomers, and by airports for civil defense communications - in short, a wide variety of critical communications. Currently, spectral usage in this area is set by ERO and the radiation limits are established by CISPR. 40 The IPCF has been lobbying the IEC to change the standards for radiation in these frequency bands. Needless to say, the massive amount of coordination between ETSI/ITU, CISPR/IEC, ERO/CEPT and CENELEC is slowing the regulatory aspects of HSPLC adoption. Additionally, there is massive resistance by the current users of the proposed frequency band (coming from civil defense organizations, the military, scientific (astronomy) organizations - everyone who has a stake in the outcome). However, the current state of HSPLC regulation is a declaration by the IEC that there WILL be a revision of the frequency band and EMC limits in order to accommodate HSPLC. 41 ETSI and CENELEC are jointly developing a new standard to accommodate everyone, but there will be much effort before everyone is satisfied. 42

Summary 

The growing digital revolution is creating an ever-increasing demand for bandwidth. Many products and services are being introduced to fulfill this demand, one of which is the use of powerlines to transport data, whether by low-speed or high-speed data transmission. Many companies are working to create what they consider to be the ideal approach to using powerlines for data transmission. In the low-speed powerline communications arena, used primarily for simple functions such as simple system control and low-frequency communications (e.g., baby monitors), proprietary protocols still dominate. These systems are well established, and the only new innovations are to add more products to the line. On the other hand, high-speed powerline communications is just entering the respectability phase of product design. The signaling characteristics of the differing protocols are proprietary, but the higher-level communications protocols are proposed to be those of the UDP/TCP/IP suite. New products and new concepts are constantly being added.

That said, there are many critics of the entire 
concept of powerline data transmission, particu- 
larly high-speed powerline communications 
(HSPLC). Some of the problems and criticisms to 
be resolved are as follows: 

HSPLC is infeasible and inefficient for data
transmission. This argument is losing ground as 
practical devices capable of operating at tens of 
megabits per second are appearing. Tests have 
shown that the new devices have overcome some 
of the limitations inherent in older HSPLC 
designs and that high data rates with low bit- 
error rates are possible. 

HSPLC is impractical, especially in the 
United States, due to signal blockage by the 
power transformers. As discussed earlier, only a 
few consumers are linked together in the U.S. by 
the power distribution system while many con- 
sumers are linked together by the distribution 
system in the rest of the world. These power 
transformers in the U.S. distribution system thus 
inhibit potential Internet communication. 
Supporters have countered by noting two areas 
HSPLC can serve: as a local area network within 
a home, building, or small office (where being 
able to plug-and-play a device using a standard 
power plug is a great attraction for the consumer) 
and as a bulk carrier between regions (using the 
transmission grid of the power industry). 
Further, the supporters have argued that contem- 
porary systems are just as impractical: the cost of 
laying optical fiber to the door of each consumer 
makes that option unlikely; that DSL doesn’t 
reach every home, particularly in the U.S.; that 
telephone modems rely on multiplexing in order 
to extend access to more persons (i.e., technology 
used in telecommunications today can be easily 
and cheaply adapted to HSPLC at the distribution 
transformer to multiplex the users onto the rest of 
the network); and that all telecommunication 



UNCLASSIFIED 



Page 59 



Cryptologic Quarterly 



UNCLASSIFIED 



options suffer degradation as the number of users 
increases. 

The biggest headache is the regulatory limits 
imposed by EMC/EMI considerations. There are 
many opponents to HSPLC as a result of this 
issue. However, regulations change, and the more 
that industry desires the introduction of HSPLC, 
the more likely the existing regulations will be 
modified. 

Security issues have been little addressed. There is a growing recognition that HSPLC has a serious security vulnerability, particularly in Europe, due to the interconnectedness of the network (the powerline is a shared medium, so every node on a distribution segment can see every other node's traffic, and hundreds of consumers may share one segment) and the open protocols (UDP/TCP/IP) being proposed. Industry is starting to address these issues, but caveat emptor.

Powerline carrier communications is here to 
stay. It may be limited to a local area network 
within the home or office, or it may become 
another medium like telephone modem commu- 
nications, but it will be used in the future. The 
only real obstacle to its full development is the 
lack of a standard around which the entire indus- 
try can rally. The future holds the answer. 